Sr. Associate, Business Control and Risk Management-IT Cloud Control Tester
Company: Santander Holdings Usa Inc
Location: Quincy
Posted on: January 22, 2025
Job Description:
Sr. Associate, Business Control and Risk Management-IT Cloud
Control Tester
Quincy, United States of America
The IT Sr Associate operates within the First Line of Defense
(FLoD) to execute the Enterprise Risk Framework - ensuring
compliance with Regulations, Corporate Standards, and Corporate
Policy. The Sr. Associate will help champion the Business Control
mandate acting as a critical partner guiding stakeholders to embed
risk management practices in the FLoD (First Line of Defense). The
Sr Associate serves as a subject matter expert by advising and
guiding enterprise-wide initiatives such as control assessments,
risk assessments, and controls performance attestation. Evaluations
require collaboration with various stakeholders while influencing
parties towards strategic goals. Sr Associate is a cloud (AWS)
subject matter expert and will guide others on the team regarding
appropriate testing strategies and appropriate evidence and may
manage a small team in these efforts.
Essential Functions:
- Recognized as a subject matter expert (especially in cloud) by
advising and guiding enterprise-wide initiative such as control
assessments, risk assessments, validation of remediation of issues,
and other special projects as assigned.
- Drives projects to implement the necessary changes to IT
procedures and processes in order to align the Technology to the
organization's OCC's practice standards.
- Analyzes, evaluates, and provides strategic guidance and
direction for programs, policies, and procedures to ensure
alignment with regulatory requirements and acceptable risk
mitigation practices.
- Acts as a liaison with Risk and Compliance teams or Second Line
of Defense to develop and implement new standard
requests/revisions, to complete all line of business-related risk
assessments, risk mandates, continuity plans, resolution plans, and
execution.
- Supports Business Unit team members in the resolution of risk
related issues.
- Identifies gaps in risk and controls, proposes solutions, and
implements corrective actions.
- Performs control assessments as part of the First Line of
Defense across all of Technology by determining the design and
operating effectiveness of controls in accordance with standards
and regulatory requirements.
- Provide management with regular reporting of program progress
and risks.
- Effectively partners with Technology management/leader to
mitigate risk.
- Manages complex process evaluations across single or varied
lines of business.Requirements:
Education:
- Bachelor's Degree: Statistics, Risk Management, Information
Systems, Finance, or equivalent field or equivalent work experience
Experience:
- 5+ years Risk Management, Internal Controls, Auditing, Credit
Management, relevant line of business experience and/or legal or
regulatory experience.
- 3+ years testing technical controls and evaluation of technical
evidence/data, including cloud (AWS) Skills & Abilities:
- Must have experience testing cloud hosted applications or
platforms.
- Must be able to work with minimal supervision and deliver
assignments on schedule.
- Must be able to work in fast paced environment.
- Prior experience with Cyber-risk assessment / Cyber security
assessment / Penetration testing / Network Devices
(firewalls/IDS-IPDS) / IT Tools .
- Strong knowledge and understanding of risk and control
methodology including frameworks such as the COSO and COBIT
frameworks.
- Develop and document test procedures and/or document
recommendations for test plan modifications that improve validation
of control objectives. Test procedure development may cover a wide
range of technically diverse topics ranging from IP Network
Discovery, access management, network security/operation,
vulnerability management, Information Security, SDLC, Backup and
others.
- Data analysis skills and ability to develop scripts or complex
Excel formulas to gather and analyze data required for control
assessment. Automate testing procedures where possible.
- Perform multi-platform (application, database, operating
system, middleware, monitoring tools, and business processes) level
testing. Obtain, review, and interpret evidence provided to
validate controls are performed effectively and identify
vulnerabilities, gaps, or control deficiencies. Identify risks
associated with control failures and supports the identification of
mitigating controls.
- Proficient computer navigation skills using a variety of
software packages, including Microsoft Office applications and word
processing, spreadsheets, databases, and presentations.
- Ability to accurately document control testing results in
sufficient details.
- Ability to build credibility with, collaborate with, and
influence Technology management/leadership
- Excellent analytical and complex problem-solving skills.
- Superior project management skills.
- Ability to constructively work both independently and in
collaborative environments involving all levels of management and
employees
- Advanced understanding of the regulatory environment and how
the risks of the products and services the bank offers are viewed
by the Second Line of Defense and regulators.
- Demonstrated judgement in escalation, ensuring risk-based clear
line of sight for senior executives into existing and emerging
issues/incidents.
- Ability to constructively work both independently and in
collaborative environments
- Ability to collaborate with internal and external service
providers to establish resource requirements, scheduling,
assignments and service levels Licenses & Certifications:
- Preferred Professional Certification such as CRISC, CISA, CISSP
Competencies:
Collaboration - Relationship Management: Advanced - Leading and
Guiding
- Improves relationships between key individuals to achieve
seamless cross-team work flow and positively impact results.
- Uses informal networks to gain support for ideas and projects.
Collaboration - Teamwork: Advanced - Leading and Guiding
- Brings out the best in each team member by consistently
motivating and acknowledging peer contributions.
- Understands and leverages team dynamics. Execution -
Accountability: Advanced - Leading and Guiding
- Fully accountable for timeliness, completeness, quality of
projects, processes, products and services.
- Remains calm and focused on goals while facing pressures,
obstacles or short-term setbacks. Influence - Information Sharing:
Advanced - Leading and Guiding
- Ensures people receive the information they require, and brings
the team together to share information. Influence - Two-way
communication: Advanced - Leading and Guiding
- Effectively conveys difficult or complex information in an easy
to understand manner, by providing the big picture and illustrating
important linkages.
- Asks open-ended questions that encourage others to give their
points of view. Risk Business Acumen - Industry Acumen: Advanced -
Leading and Guiding
- Keeps up -to-date with external market events, pressures and
regulations which may impact the organization and assesses whether
similar issues exist in the organization.
- Can identify functional and organizational implications
associated with major trends.
- Designs solutions to address industry activities that impact
the organization. Risk Management - Knowledge of Risk Management
Policies, Regulations, Processes and Procedures: Advanced - Leading
and Guiding
- Monitors adherence to policies, regulations, processes and
procedures within function and actively undertakes corrective
action where necessary.
- Understands end to end processes across the organization and
how processes are integrated.
- Has a practical knowledge of regulations impacting area
supported. Risk Management - Risk and Compliance Adherence:
Advanced - Leading and Guiding
- Ensures that all directs and colleagues have appropriate
knowledge of risk and the regulatory environment.
- Investigates and identifies the root cause and corrects items
deemed non-compliant, regardless of pressures from business or
management.
Diversity & EEO Statements:
At Santander, we value and respect differences in our workforce and
strive to increase the diversity of our teams. We actively
encourage everyone to apply.
Santander is an equal opportunity employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, genetics, disability, age, veteran status or any
other characteristic protected by law.
Working Conditions:
Frequent Minimal physical effort such as sitting, standing and
walking. Occasional moving and lifting equipment and furniture is
required to support onsite and offsite meeting setup and teardown.
Physically capable of lifting up to fifty pounds, able to bend,
kneel, climb ladders.
Employer Rights:
This job description does not list all of the job duties of the
job. You may be asked by your supervisors or managers to perform
other duties. You may be evaluated in part based upon your
performance of the tasks listed in this job description. The
employer has the right to revise this job description at any time.
This job description is not a contract for employment and either
you or the employer may terminate at any time for any reason.
Primary Location: Quincy, MA . click apply for full job detailsby
Jobble
Keywords: Santander Holdings Usa Inc, Newton , Sr. Associate, Business Control and Risk Management-IT Cloud Control Tester, IT / Software / Systems , Quincy, Massachusetts
Didn't find what you're looking for? Search again!
Loading more jobs...
